Let's Encrypt SSL Certificate Idiot's Guide
-
- Starting out
- Posts: 13
- Joined: Wed Oct 17, 2018 8:02 pm
Let's Encrypt SSL Certificate Idiot's Guide
I'm just in the process of installing my first NAS and just wasted most of my weekend trying to get my own certificate via Let's Encrypt or SSL for Free (which generates certificates from Let's Encrypt). In the end it was dead simple, so I thought I'd write this for other beginners with an easy-to-find title.
It turns out that you don't need to faff around with external sites, SSH, cURL commands, and all of that other frightening-looking stuff. QNAP has kindly integrated everything into apps, but only one of them works!
I assume that you have managed to set up myqnapcloud and have the myqnapcloud app running on your NAS.
1. IGNORE Control Panel/System/Security/Certificate & Private Key as this seems to have a bug. This page can be used later to download your certificate should you need it.
2. Open the myqnapcloud app on your NAS
3. Click on SSL Certificate in the left panel
4. Under Let's Encrypt, hit the Download and Install button
5. Enter your myqnapcloud domain name <yourdomain>.myqnapcloud.com and your email address
6. Select Automatically Renew should you want. Probably best.
7. Click on confirm & wait a little
8. Enjoy all that SSL goodness!
I assume that the above should work in the vast majority of cases.
References to help Forum search: https://letsencrypt.org/, https://www.sslforfree.com/
It turns out that you don't need to faff around with external sites, SSH, cURL commands, and all of that other frightening-looking stuff. QNAP has kindly integrated everything into apps, but only one of them works!
I assume that you have managed to set up myqnapcloud and have the myqnapcloud app running on your NAS.
1. IGNORE Control Panel/System/Security/Certificate & Private Key as this seems to have a bug. This page can be used later to download your certificate should you need it.
2. Open the myqnapcloud app on your NAS
3. Click on SSL Certificate in the left panel
4. Under Let's Encrypt, hit the Download and Install button
5. Enter your myqnapcloud domain name <yourdomain>.myqnapcloud.com and your email address
6. Select Automatically Renew should you want. Probably best.
7. Click on confirm & wait a little
8. Enjoy all that SSL goodness!
I assume that the above should work in the vast majority of cases.
References to help Forum search: https://letsencrypt.org/, https://www.sslforfree.com/
TS-251B, QTS 4.3.5.0723 (2018/10/13), 2 x WD Red 4T SATA, UPS= Cyberpower VALUE600EILCD, NAS backup to external HD stored off-site
-
- New here
- Posts: 3
- Joined: Wed Sep 17, 2014 2:54 am
Re: Let's Encrypt SSL Certificate Idiot's Guide
nobody wants to use myqnapcloud **. I want to use my own fixed IP and domain name!!!
qnap.myowndomain.com for example.
qnap.myowndomain.com for example.
- Toxic17
- Ask me anything
- Posts: 6481
- Joined: Tue Jan 25, 2011 11:41 pm
- Location: Planet Earth
- Contact:
Re: Let's Encrypt SSL Certificate Idiot's Guide
Regards Simon
Qnap Downloads
MyQNap.Org Repository
Submit a ticket • QNAP Helpdesk
QNAP Tutorials, User Manuals, FAQs, Downloads, Wiki
When you ask a question, please include the following
NAS: TS-673A QuTS hero h5.1.2.2534 • TS-121 4.3.3.2420 • APC Back-UPS ES 700G
Network: VM Hub3: 500/50 • UniFi UDM Pro: 3.2.9 • UniFi Network Controller: 8.0.28
USW-Aggregation: 6.6.61 • US-16-150W: 6.6.61 • 2x USW Mini Flex 2.0.0 • UniFi AC Pro 6.6.62 • UniFi U6-LR 6.6.62
UniFi Protect: 2.11.21/8TB Skyhawk AI • 3x G3 Instants: 4.69.55 • UniFi G3 Flex: 4.69.55 • UniFi G5 Flex: 4.69.55
Qnap Downloads
MyQNap.Org Repository
Submit a ticket • QNAP Helpdesk
QNAP Tutorials, User Manuals, FAQs, Downloads, Wiki
When you ask a question, please include the following
NAS: TS-673A QuTS hero h5.1.2.2534 • TS-121 4.3.3.2420 • APC Back-UPS ES 700G
Network: VM Hub3: 500/50 • UniFi UDM Pro: 3.2.9 • UniFi Network Controller: 8.0.28
USW-Aggregation: 6.6.61 • US-16-150W: 6.6.61 • 2x USW Mini Flex 2.0.0 • UniFi AC Pro 6.6.62 • UniFi U6-LR 6.6.62
UniFi Protect: 2.11.21/8TB Skyhawk AI • 3x G3 Instants: 4.69.55 • UniFi G3 Flex: 4.69.55 • UniFi G5 Flex: 4.69.55
-
- New here
- Posts: 2
- Joined: Fri Feb 03, 2017 12:21 pm
Re: Let's Encrypt SSL Certificate Idiot's Guide
use Let's Encrypt SSL Certificate with own domain name
On Qnap
1. Enable Web Server with port 80. Control Panel --> Applications --> Web Server
2. Ensure Qnap System port is not using port 80. Control Panel --> System --> General Setting --> System Port is not port 80
On your router
3. create a port forward rule, forward external port 80 to internal port 80, server is your qnap
On you Browser
4. test web access to your qnap public ip or FQDN, http://your_qnap_ip:80
5. make sure it will not redirect to your Qnap admin login page
On Qnap
6. download and install Let's Encrypt SSL Cert, Control Panel --> System --> Security --> Certificate & Private Key, click "Replace Certificate" --> get from Let's Encrypt
7 . enter your own domain name qnap.myowndoamin.com and your email address
i am able to install Let's Encrypt SSL Cert by doing above.
** tested enable "force secure connection (HTTPS) only" under Control Panel --> System --> General Setting, seem it will break
On Qnap
1. Enable Web Server with port 80. Control Panel --> Applications --> Web Server
2. Ensure Qnap System port is not using port 80. Control Panel --> System --> General Setting --> System Port is not port 80
On your router
3. create a port forward rule, forward external port 80 to internal port 80, server is your qnap
On you Browser
4. test web access to your qnap public ip or FQDN, http://your_qnap_ip:80
5. make sure it will not redirect to your Qnap admin login page
On Qnap
6. download and install Let's Encrypt SSL Cert, Control Panel --> System --> Security --> Certificate & Private Key, click "Replace Certificate" --> get from Let's Encrypt
7 . enter your own domain name qnap.myowndoamin.com and your email address
i am able to install Let's Encrypt SSL Cert by doing above.
** tested enable "force secure connection (HTTPS) only" under Control Panel --> System --> General Setting, seem it will break
-
- Starting out
- Posts: 32
- Joined: Sat Jan 03, 2009 1:21 am
Re: Let's Encrypt SSL Certificate Idiot's Guide
Thanks for this guide!
Is there a way to auto-renew the certificate?
Is there a way to auto-renew the certificate?
-
- New here
- Posts: 4
- Joined: Sun Mar 31, 2019 11:37 am
Re: Let's Encrypt SSL Certificate Idiot's Guide
Hi, I've managed to trick Chrome SSL using local network address with Let's Encrypt certificate + editing hosts (making "https" icon NOT crossed out ie. certificate considered valid):
1.Followed "Let's Encrypt SSL Certificate Idiot's Guide" by using myqnapcloud (I have error by missing port 80 etc. with Control Panel --> Applications --> Web Server)
2.Added to hosts file:
(or whatever your local NAS IP and port is)
3.Followed the URL:
Hope this will help!
1.Followed "Let's Encrypt SSL Certificate Idiot's Guide" by using myqnapcloud (I have error by missing port 80 etc. with Control Panel --> Applications --> Web Server)
2.Added to hosts file:
Code: Select all
192.168.1.2:443 my-id.myqnapcloud.com
3.Followed the URL:
Code: Select all
https://my-id.myqnapcloud.com:443
-
- First post
- Posts: 1
- Joined: Wed Apr 10, 2019 9:49 pm
Re: Let's Encrypt SSL Certificate Idiot's Guide
I was getting the port 80 error. Turned out to be I had the checkbox to force only HTTPS connection checked on the webserver. Once I removed that setting I was able to redo my certificate and all my sub alt names.
-
- Know my way around
- Posts: 122
- Joined: Tue Jul 01, 2014 5:50 pm
Re: Let's Encrypt SSL Certificate Idiot's Guide
Control Panel --> System --> Security --> Certificate & Private Key, click "Replace Certificate"
if you are using this method, where are the certs placed?
if you are using this method, where are the certs placed?
-
- First post
- Posts: 1
- Joined: Fri May 17, 2019 9:50 pm
Re: Let's Encrypt SSL Certificate Idiot's Guide
In order to automatically update your NAS with several domain names (*.myqnapcloud.com and/or *.whatevercloud.* domain name you use), the following script worked for me like a charm:
https://github.com/Yannik/qnap-letsencrypt
I hope it helps.
https://github.com/Yannik/qnap-letsencrypt
I hope it helps.
-
- New here
- Posts: 3
- Joined: Fri May 05, 2017 4:16 am
-
- New here
- Posts: 2
- Joined: Sun Aug 30, 2020 8:09 pm
Re: Let's Encrypt SSL Certificate Idiot's Guide
You have to disable the Virtual Hosts in Control Panel --> Application Servers --> Web Server before getting certificate from Let's Encrypt via Control Panel --> System --> Security --> Certificate & Private Key, otherwise you'll get some wierd error. Once certificate is issued and installed on NAS, you can turn Virtual Hosts on again.
Other think I've found out as issue are UPnP rules set up by my QNAP on my home router. It should be ok if you have just one QNAP NAS on your network, but I have more of them and they somehow changed my defined rules on port forwarding, so port 80 and 443 ended on the wrong NAS.
Other think I've found out as issue are UPnP rules set up by my QNAP on my home router. It should be ok if you have just one QNAP NAS on your network, but I have more of them and they somehow changed my defined rules on port forwarding, so port 80 and 443 ended on the wrong NAS.
-
- Starting out
- Posts: 11
- Joined: Sat Jul 01, 2017 1:52 am
Re: Let's Encrypt SSL Certificate Idiot's Guide
I'm experiencing some of the same issues mentioned in this thread, but with different results.
1) I've disabled Web server: Control Panel --> Application Servers --> Web Server
2) I have Virtual Host and WebDAV both disabled. Control Panel --> Application Servers --> Web Server (tab Virtual Host/WebDAV)
3) I've changed HTTPS Port number back to 443 successfully (From the one I was using to secure my Nas). Control Panel --> System --> General
4) Upon trying to change the HTTP System port back to 80 (this is what I understand needs to happen to allow Let's Encrypt to verify the server) I get an error that "The system port is used by other applications".
I've tried stopping all running applications with no positive results.
No matter what, I can't seem to get the system port to switch BACK to port 80.
Has anyone else experienced this reaction? Would love to hear some idea's to try.
FYI I'm using a Dynamic DNS to direct traffic to the server. Typically my address is https://[my server].ddns.net:[my port]. It's been working fine (and still does, although with the expired SSL certificate I get a risk message every time).
1) I've disabled Web server: Control Panel --> Application Servers --> Web Server
2) I have Virtual Host and WebDAV both disabled. Control Panel --> Application Servers --> Web Server (tab Virtual Host/WebDAV)
3) I've changed HTTPS Port number back to 443 successfully (From the one I was using to secure my Nas). Control Panel --> System --> General
4) Upon trying to change the HTTP System port back to 80 (this is what I understand needs to happen to allow Let's Encrypt to verify the server) I get an error that "The system port is used by other applications".
I've tried stopping all running applications with no positive results.
No matter what, I can't seem to get the system port to switch BACK to port 80.
Has anyone else experienced this reaction? Would love to hear some idea's to try.
FYI I'm using a Dynamic DNS to direct traffic to the server. Typically my address is https://[my server].ddns.net:[my port]. It's been working fine (and still does, although with the expired SSL certificate I get a risk message every time).
-
- Getting the hang of things
- Posts: 63
- Joined: Wed Oct 28, 2009 8:42 pm
Re: Let's Encrypt SSL Certificate Idiot's Guide
Hi all,
I was trying to use the lets encrypt certificate on my TS-639 but i am stuck on step "4. Under Let's Encrypt, hit the Download and Install button"
I dont see the option.
As i mentioned above, my qnap is a TS-639 running firmware 4.2.6 from 2020/08/21.
Is the issue my TS-639 and the firmware version?
Thanks in advance.
Rodrigo
I was trying to use the lets encrypt certificate on my TS-639 but i am stuck on step "4. Under Let's Encrypt, hit the Download and Install button"
I dont see the option.
As i mentioned above, my qnap is a TS-639 running firmware 4.2.6 from 2020/08/21.
Is the issue my TS-639 and the firmware version?
Thanks in advance.
Rodrigo
-
- Getting the hang of things
- Posts: 70
- Joined: Fri Apr 04, 2008 7:53 pm
Re: Let's Encrypt SSL Certificate Idiot's Guide
Has anyone managed to create and download a Lets Encrypt cert for the [youraccount].myqnapcloud.com domain via the myqnapcloud app on QNAP for the last three months?
TS-209 Pro -> TS-212P -> TS-251
-
- New here
- Posts: 2
- Joined: Mon Sep 14, 2009 8:49 pm
Re: Let's Encrypt SSL Certificate Idiot's Guide
I can't move past Step #6 because there's no such "Replace" option where I could then choose a Let's Encrypt Certificate. I am on latest 4.2.6. firmware on a TS 639 pro.terrytse wrote: ↑Fri Jun 14, 2019 3:40 pm use Let's Encrypt SSL Certificate with own domain name
On Qnap
1. Enable Web Server with port 80. Control Panel --> Applications --> Web Server
2. Ensure Qnap System port is not using port 80. Control Panel --> System --> General Setting --> System Port is not port 80
On your router
3. create a port forward rule, forward external port 80 to internal port 80, server is your qnap
On you Browser
4. test web access to your qnap public ip or FQDN, http://your_qnap_ip:80
5. make sure it will not redirect to your Qnap admin login page
On Qnap
6. download and install Let's Encrypt SSL Cert, Control Panel --> System --> Security --> Certificate & Private Key, click "Replace Certificate" --> get from Let's Encrypt
7 . enter your own domain name qnap.myowndoamin.com and your email address
i am able to install Let's Encrypt SSL Cert by doing above.
** tested enable "force secure connection (HTTPS) only" under Control Panel --> System --> General Setting, seem it will break
Any help towards resolution would be much appreciated.
Thanks in advance